// tool · server-side
SSRF helper: IP representations and allowlist bypass
SSRF happens when the server can be tricked into making requests it shouldn't — cloud metadata, internal services, loopback. Generate every representation of an IP, craft gopher:// payloads and browse the bypass techniques.
Runs 100% in your browser · nothing is sent to the target
IP representation generator
Enter an IPv4 (e.g. 169.254.169.254) to generate the numeric encodings.
- Decimal (32-bit integer)
Why it works: An IP is a 32-bit integer.
inet_aton()and many HTTP clients accept the raw decimal value, dodging filters that only match the1.2.3.4form. - Hex (0x, dotless)
Why it works: The same integer in hex with the
0xprefix.inet_aton-style parsers turn0x…back into the original IP; text allowlists do not. - Hex per octet
Why it works: Each octet as
0x.., dot-separated. Useful when the parser requires 4 parts but accepts each part in hex. - Octal per octet (leading zero)
Why it works: Octets prefixed with
0are read as octal byinet_aton.0177.0.0.1=127.0.0.1, while the filter sees a different string. - Octal (dotless)
Why it works: The whole integer in octal, leading
0. A rare form that several parsers still normalize to the destination IP. - Short form (3 parts)
Why it works:
inet_atonacceptsa.b.cwhere the last part is 16-bit.127.0.1becomes127.0.0.1, escaping validators that expect 4 octets. - Short form (2 parts)
Why it works:
a.b, last part 24-bit.127.1=127.0.0.1. A classic for shortening loopback and slipping past naive regexes. - Octet overflow (mod 256)
Why it works: Some parsers apply
% 256to the octet.…+256resolves to the same IP but slips past checks that only block the canonical value. - IPv4-mapped IPv6
Why it works:
[::ffff:1.2.3.4]is the IPv4 embedded in IPv6. Dual-stack stacks connect to the real IPv4, but the IPv4 filter never inspects bracketed hosts. - IPv6-mapped (hex groups)
Why it works: Same idea, last two groups in hex. Yet another textual form that resolves to the destination IPv4.
- IPv6-mapped (expanded)
Why it works: Uncompressed
[0:0:0:0:0:ffff:..:..]. Useful against filters that recognize the compressed::ffff:but not the expanded form. - Wildcard DNS — nip.io
Why it works:
<ip>.nip.ioresolves to that IP via DNS. Beats domain-based allowlists (the host is an "external" name pointing inward). - Wildcard DNS — sslip.io
Why it works: Same concept as nip.io, with hyphen syntax (
a-b-c-d.sslip.io). A fallback when one of the services is filtered/unavailable.
gopher:// payload builder
The gopher:// scheme sends raw bytes to a TCP port — including CRLF — letting you "speak" protocols like Redis or HTTP through an SSRF. Build the payload below.
Why it works: gopher:// has no headers: every byte you type goes raw to the socket. The %0d%0a (CRLF) separate commands, letting you inject text protocols into internal services.
Bypass techniques
- Embedded credentials (userinfo) Allowlist bypass
http://allowed.com@169.254.169.254/Why it works: Everything before
@is userinfo, not the host. The client connects to169.254.169.254, but a naive filter "sees"allowed.com. - Fragment confusion (#) Allowlist bypass
http://169.254.169.254#@allowed.com/Why it works: Parsers disagree on where the
#(fragment) begins. Some treatallowed.comas the host; the real client uses169.254.169.254. - Trailing dot (FQDN) Allowlist bypass
http://allowed.com.evil.com/Why it works: Suffix allowlists (
endsWith("allowed.com")) fall for malicious subdomains.http://169.254.169.254./also works in some resolvers. - Case / encoding variation Allowlist bypass
http://ALLOWED.com%2f@169.254.169.254/Why it works: Case-sensitive comparisons or ones that do not normalize
%2f/%2elet the URL through. Always normalize before comparing. - AWS IMDSv1 — credentials
http://169.254.169.254/latest/meta-data/iam/security-credentials/Why it works: IMDSv1 needs no token: a simple SSRF reads the role name and then the temporary keys (AccessKey/SecretKey/Token).
- AWS IMDSv2 — PUT token
http://169.254.169.254/latest/api/tokenWhy it works: IMDSv2 requires fetching a token via
PUTon this endpoint, with theX-aws-ec2-metadata-token-ttl-seconds: 21600header, then sending it back inX-aws-ec2-metadata-token. Only exploitable if the SSRF allows arbitrary methods/headers. - GCP — Metadata-Flavor
http://169.254.169.254/computeMetadata/v1/?recursive=trueWhy it works: GCP requires the
Metadata-Flavor: Googleheader. The?recursive=truepath dumps everything, including service-account tokens. - Azure — Metadata:true header
http://169.254.169.254/metadata/instance?api-version=2021-02-01Why it works: Azure requires the
Metadata: trueheader and theapi-versionparameter. Use/identity/oauth2/tokento grab managed tokens. - Alibaba Cloud
http://100.100.100.200/latest/meta-data/ram/security-credentials/Why it works: Alibaba uses the IP
100.100.100.200with an AWS-like layout and no token by default. - Kubernetes / kubelet
http://127.0.0.1:10255/podsWhy it works: In clusters, the kubelet read-only port (
10255) lists pods and secrets. The node metadata API (https://169.254.169.254/) also exposes credentials when reached via SSRF. - gopher:// → Redis Protocols
gopher://127.0.0.1:6379/_%2A1%0d%0a%244%0d%0aPING%0d%0aWhy it works:
gopher://sends raw bytes, including CRLF (%0d%0a), letting you speak Redis/SMTP/FastCGI through the SSRF. Use the builder above. - dict:// — probe/exfil Protocols
dict://127.0.0.1:6379/infoWhy it works:
dict://sends a single line to the port — great for fingerprinting internal services (Redis, memcached) and reading banners. - file:// — local read Protocols
file:///etc/passwdWhy it works: If the fetcher accepts the
file://scheme, the SSRF turns into arbitrary file read on the server. - ftp:// / ldap:// Protocols
ftp://127.0.0.1:11211/Why it works: Alternate schemes reach services speaking text protocols. Swap scheme/port to hit memcached, LDAP (
ldap://127.0.0.1:389/), etc. - DNS rebinding (TOCTOU) DNS rebinding
http://rebind.attacker.com/Why it works: The host resolves to a public IP at validation time and to
127.0.0.1/link-local at request time. Exploits the check-vs-use window (TOCTOU). - Ready-made rebind services DNS rebinding
1u.msWhy it works:
1u.ms/rbndr.usflip between two IPs per lookup;nip.io/sslip.ioresolve straight to the embedded IP. Generate the names in the panel above. - URL parser divergence Parser confusion
http://127.0.0.1\@allowed.com/Why it works: The validator and the HTTP client use different parsers (RFC 3986 vs WHATWG). Backslash, whitespace and unicode "/" make each see a different host. Unicode-"/" variant:
http://allowed.com\u2044@127.0.0.1/. - IDNA / homoglyph Parser confusion
http://①②⑦.⓪.⓪.①/Why it works: Unicode characters normalize to ASCII at resolution time (IDNA/NFKC). The filter compares the unicode form; the client resolves the real IP.
- 30x redirect to internal Parser confusion
https://attacker.com/rWhy it works: The first URL is public and passes the allowlist; the server replies
30xpointing at the internal target, and the client follows the redirect.
No techniques match these filters.
For authorized testing, research and education only. The tool only transforms text in your browser — it makes no requests. Do not test targets without explicit permission.
// reference
What is SSRF
SSRF (Server-Side Request Forgery) happens when the server can be tricked into making requests to a destination the attacker chooses. Because the request originates inside the infrastructure, it often crosses the firewall and reaches internal services, loopback and the cloud metadata endpoint.
The most valuable target is usually the metadata endpoint (169.254.169.254), which can hand over the machine role's temporary credentials. Defenses that only block strings fail because there are many ways to write the same IP and many ways to confuse the URL parser.
Alternative IP representations
An IP is a 32-bit integer, and many HTTP clients accept its decimal, octal, hexadecimal and IPv6 forms. The generator above produces all of them; below is why each one fools text filters:
- Decimal (32-bit integer) — An IP is a 32-bit integer.
inet_aton()and many HTTP clients accept the raw decimal value, dodging filters that only match the1.2.3.4form. - Hex (0x, dotless) — The same integer in hex with the
0xprefix.inet_aton-style parsers turn0x…back into the original IP; text allowlists do not. - Hex per octet — Each octet as
0x.., dot-separated. Useful when the parser requires 4 parts but accepts each part in hex. - Octal per octet (leading zero) — Octets prefixed with
0are read as octal byinet_aton.0177.0.0.1=127.0.0.1, while the filter sees a different string. - Octal (dotless) — The whole integer in octal, leading
0. A rare form that several parsers still normalize to the destination IP. - Short form (3 parts) —
inet_atonacceptsa.b.cwhere the last part is 16-bit.127.0.1becomes127.0.0.1, escaping validators that expect 4 octets. - Short form (2 parts) —
a.b, last part 24-bit.127.1=127.0.0.1. A classic for shortening loopback and slipping past naive regexes. - Octet overflow (mod 256) — Some parsers apply
% 256to the octet.…+256resolves to the same IP but slips past checks that only block the canonical value. - IPv4-mapped IPv6 —
[::ffff:1.2.3.4]is the IPv4 embedded in IPv6. Dual-stack stacks connect to the real IPv4, but the IPv4 filter never inspects bracketed hosts. - IPv6-mapped (hex groups) — Same idea, last two groups in hex. Yet another textual form that resolves to the destination IPv4.
- IPv6-mapped (expanded) — Uncompressed
[0:0:0:0:0:ffff:..:..]. Useful against filters that recognize the compressed::ffff:but not the expanded form. - Wildcard DNS — nip.io —
<ip>.nip.ioresolves to that IP via DNS. Beats domain-based allowlists (the host is an "external" name pointing inward). - Wildcard DNS — sslip.io — Same concept as nip.io, with hyphen syntax (
a-b-c-d.sslip.io). A fallback when one of the services is filtered/unavailable.
Bypass techniques by category
Allowlist bypass
Userinfo (@), fragment (#), trailing dot, case differences and encoding make the validator see an allowed host while the HTTP client connects somewhere else.
Cloud metadata
AWS (IMDSv1/v2), GCP, Azure, Alibaba and Kubernetes expose internal endpoints that return credentials and configuration — the classic SSRF prize.
Protocols
Beyond http://, schemes like gopher://, dict://, file:// and ftp:// let you read files and talk to text services (Redis, SMTP) through the SSRF.
DNS rebinding
Services like nip.io resolve to an arbitrary IP; rebinding swaps the IP between validation and fetch, defeating checks that only look at the URL string.
Parser confusion
Divergences between the validator and the HTTP client (IDNA, normalization, redirects) make the two interpret the same URL differently.
Frequently asked questions
What is SSRF (Server-Side Request Forgery)?
It's when the server can be tricked into making requests to destinations the attacker chooses — cloud metadata, internal services or loopback — bypassing the network firewall by using the server itself as a proxy.
Why do alternative IP representations bypass filters?
An IP is a 32-bit integer, and many HTTP clients accept its decimal, octal or hexadecimal forms. Filters that only compare the 127.0.0.1 form let 2130706433, 0177.0.0.1 or 0x7f.0.0.1 through.
What is DNS rebinding?
It's a technique where a domain you control first resolves to an allowed IP (passing validation) and, on the next request, to an internal IP — exploiting the window between the check and the use (TOCTOU).
What is the gopher:// payload for?
The gopher:// scheme sends raw bytes to a TCP port, including CRLF. That lets you "speak" text protocols like Redis or HTTP through an SSRF and turn a blind read into an action.
Suspect SSRF in one of your apps?
IntruderLabs runs the pentest that finds and proves these flaws before an attacker does — under your brand, with white-label reporting.
Talk to us →